clawpilot-pair

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires the agent to output the final pairing code on its own line (a secret-like credential used for pairing), meaning the LLM must include a verbatim secret in its output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow for the ccconnect runtime explicitly directs following a public raw GitHub guide (https://raw.githubusercontent.com/chenhg5/cc-connect/refs/heads/main/INSTALL.md), which is untrusted third-party content that the agent is expected to use to configure tools and could therefore alter subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly instructs installing/upgrading global npm packages and installing/managing daemons (cc-connect, hermes gateway, clawpilot), running commands that modify system services and configuration and may require elevated privileges, so it directs the agent to change the host state.